I completely agree with V_S_. The way this is currently handled is anything but professional. All customers should be notified in a timely manner if new vulnerabilities are discovered, especially when it involves components facing the WAN. So many times I see people on these forums pointing out vulnerabilities and I am always wondering why the vendor does not release a public statement, keeping everyone up to date. It’s not the customers who should have to be proactive. This is the vendor’s responsibility in my opinion.
In a situation like this I am not prepared to wait several weeks until the next monthly hotfix is released. For vulnerabilities such as POODLE, the vendor should have released a hotfix for all customers a long time ago. I just can’t believe this still has not been addressed. Instead of waiting for the customers to contact Support, why not release an out of band hotfix or something similar for everyone’s benefit? This would at least give everyone the chance to address this immediately, without having to wait for the next monthly hotfix.
